From: Vincent Bray Date: Sun, 2 Dec 2007 05:40:49 +0000 (+0000) Subject: Backport 600245 (AuthDigestQueryStringHack for MSIE7) X-Git-Tag: 2.0.62~61 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bfc580f8ca5bce78242ed120608f6c4893af5da8;p=thirdparty%2Fapache%2Fhttpd.git Backport 600245 (AuthDigestQueryStringHack for MSIE7) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@600249 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_auth_digest.xml b/docs/manual/mod/mod_auth_digest.xml index 4b8575ac6e6..edd5195adc1 100644 --- a/docs/manual/mod/mod_auth_digest.xml +++ b/docs/manual/mod/mod_auth_digest.xml @@ -85,10 +85,10 @@
Working with MS Internet Explorer -

The Digest authentication implementation in current Internet - Explorer implementations has known issues, namely that GET - requests with a query string are not RFC compliant. There are a - few ways to work around this issue.

+

The Digest authentication implementation in previous Internet + Explorer for Windows versions (5 and 6) had issues, namely that + GET requests with a query string were not RFC compliant. + There are a few ways to work around this issue.

The first way is to use POST requests instead of @@ -101,13 +101,16 @@ AuthDigestEnableQueryStringHack environment variable. If AuthDigestEnableQueryStringHack is set for the request, Apache will take steps to work around the MSIE bug and - remove the request URI from the digest comparison. Using this + remove the query string from the digest comparison. Using this method would look similar to the following.

Using Digest Authentication with MSIE: BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On +

This workaround is not necessary for MSIE 7, though enabling it does + not cause any compatibility issues or significant overhead.

+

See the BrowserMatch directive for more details on conditionally setting environment variables